From: Daan De Meyer Date: Tue, 9 May 2023 08:07:20 +0000 (+0200) Subject: Get rid of init_mount_namespace() X-Git-Tag: v15~174^2~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6a9e0fb9a293d2e9d53cbffe975f4ac055b446d3;p=thirdparty%2Fmkosi.git Get rid of init_mount_namespace() Let's just unshare the mount namespace as well as part of become_root(). Also stop making every mount a slave mount, since we don't really care about host mounts propagating into our mount namespace.
---
diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 873e86d71..8ea34d8d8 100644
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -36,14 +36,7 @@ from mkosi.manifest import Manifest
 from mkosi.mounts import dissect_and_mount, mount_overlay, scandir_recursive
 from mkosi.pager import page
 from mkosi.remove import unlink_try_hard
-from mkosi.run import (
- become_root,
- fork_and_wait,
- init_mount_namespace,
- run,
- run_workspace_command,
- spawn,
-)
+from mkosi.run import become_root, fork_and_wait, run, run_workspace_command, spawn
 from mkosi.state import MkosiState
 from mkosi.types import PathString
 from mkosi.util import (
@@ -2278,7 +2271,6 @@ def run_verb(args: MkosiArgs, presets: Sequence[MkosiConfig]) -> None:
 def target() -> None:
 # Get the user UID/GID either on the host or in the user namespace running the build
 uid, gid = become_root()
- init_mount_namespace()
 build_stuff(uid, gid, config)
 # We only want to run the build in a user namespace but not the following steps. Since we
diff --git a/mkosi/run.py b/mkosi/run.py
index 8e13b312d..4fc79ea25 100644
--- a/mkosi/run.py
+++ b/mkosi/run.py
@@ -107,7 +107,7 @@ def become_root() -> tuple[int, int]:
 os._exit(0)
- unshare(CLONE_NEWUSER)
+ unshare(CLONE_NEWUSER|CLONE_NEWNS)
 event.set()
 os.waitpid(child, 0)
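Review bot: The `unshare(CLONE_NEWUSER|CLONE_NEWNS)` line in become_root() now carries the isolation that `mount --make-rslave /` used to provide, and nothing in the code says so. The commit message only discusses host mounts propagating into the namespace; the direction that matters for isolation is build mounts propagating out to the host, which stays blocked only because the kernel reduces shared mounts to slave mounts when a mount namespace is created together with a new user namespace (mount_namespaces(7)). I would add a comment above the call, e.g. `# CLONE_NEWNS must stay paired with CLONE_NEWUSER: the kernel then demotes shared mounts to slave, so our mounts never propagate to the host.` become_root() starts and ends outside this hunk; if it returns early when the caller is already uid 0, that path no longer gets a private mount namespace at all, whereas init_mount_namespace() was previously called unconditionally in run_verb()'s target(), so that case should be checked.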
@@ -120,11 +120,6 @@ def become_root() -> tuple[int, int]:
 return SUBRANGE - 100, SUBRANGE - 100
-def init_mount_namespace() -> None:
- unshare(CLONE_NEWNS)
- run(["mount", "--make-rslave", "/"])
-
-
 def foreground() -> None:
 """
 If we're connected to a terminal, put the process in a new process group and make that the foreground